[midPoint] Synchronizating roles between a database table and midPoint
MERCEDES ONCINA DELTELL
moncina at um.es
Fri Feb 11 20:00:18 CET 2022
Solved!
I can't use ri:trel_codigo because this attribute doesn´t exist in the
XML configuration, the namespace/attribute used in the schemahandling
is <ref>icfs:uid</ref>
So, I have tried <path>$projection/attributes/icfs:uid</path> and I
have imported the role correctly.
I am going the review the rest of import and export resources.
Thank you very much for your help. Another thing done and learnt.
Regards.
midpoint-request at lists.evolveum.com escribió:
> Send midPoint mailing list submissions to
> midpoint at lists.evolveum.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.evolveum.com/mailman/listinfo/midpoint
> or, via email, send a message with subject or body 'help' to
> midpoint-request at lists.evolveum.com
>
> You can reach the person managing the list at
> midpoint-owner at lists.evolveum.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of midPoint digest..."
>
> Today's Topics:
>
> 1. Re: Synchronizating roles between a database table and
> midPoint (Paulo Fernandes de Souza Junior)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 11 Feb 2022 13:02:05 +0000
> From: Paulo Fernandes de Souza Junior <PFSJ at senado.leg.br>
> To: midPoint General Discussion <midpoint at lists.evolveum.com>
> Subject: Re: [midPoint] Synchronizating roles between a database table
> and midPoint
> Message-ID: <1644584525084.10846 at senado.leg.br>
> Content-Type: text/plain; charset="iso-8859-1"
>
> In the schema handling I assign icfs:uid, which is associated with
> the primary key of the table (TREL_CODIGO) in the resource
> configuration, with the "name" attribute, so, both "uid" and "name"
> have the same value: TREL_CODIGO.
>
> On the other hand, I have tried this:
> <correlation>
> <q:equal xmlns="">
> <q:path>name</q:path>
> <expression>
> <path>$projection/attributes/trel_codigo</path>
> </expression>
> </q:equal>
> </correlation>
>
> Try with <path>$projection/attributes/ri:trel_codigo</path>
>
> Note the "ri:"
>
> Paulo Fernandes de Souza Júnior
> NQPPPS
> Senado Federal - PRODASEN
> Fone: 61 3303.3924
>
> ________________________________
> De: midPoint <midpoint-bounces at lists.evolveum.com> em nome de
> MERCEDES ONCINA DELTELL via midPoint <midpoint at lists.evolveum.com>
> Enviado: quinta-feira, 10 de fevereiro de 2022 17:50
> Para: midpoint at lists.evolveum.com
> Cc: MERCEDES ONCINA DELTELL
> Assunto: Re: [midPoint] Synchronizating roles between a database
> table and midPoint
>
> In the schema handling I assign icfs:uid, which is associated with
> the primary key of the table (TREL_CODIGO) in the resource
> configuration, with the "name" attribute, so, both "uid" and "name"
> have the same value: TREL_CODIGO.
>
> On the other hand, I have tried this:
> <correlation>
> <q:equal xmlns="">
> <q:path>name</q:path>
> <expression>
> <path>$projection/attributes/trel_codigo</path>
> </expression>
> </q:equal>
> </correlation>
>
> And I get the same error:
> Message: Could not import account
> shadow:b18c3e63-f2c5-461c-b6c0-27b91e0aa2bb(01)
> Error: No object class found for the shadow
>
> I admit that I don't really understand the variables that can be
> used inside the expression, I have seen $user, $focus and
> $projection, but I am not very sure when each one should be used.
>
> In the rest of the resources, I use $focus in the correlation
> expression, both for input and output resources and it runs fine.
>
> Thanks in advance.
>
> please check you correlation. In the path-Tag you need to refer to an
> attribute of the projection/account, not to an attribute of the focus
> object.
>
> You could try this:
>
> <correlation> <q:equal xmlns=""> <q:path>name</q:path> <expression>
> <path>$projection/attributes/ri:/TREL_CODIGO/</path> </expression>
> </q:equal> </correlation>
>
> midpoint-request at lists.evolveum.com<mailto:midpoint-request at lists.evolveum.com>
> escribió:
>
> ------------------------------
>
> Message: 2
> Date: Thu, 10 Feb 2022 14:14:51 +0100
> From: Mercedes Oncina Deltell <moncina at um.es<mailto:moncina at um.es>>
> To: midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>
> Subject: Re: [midPoint] Synchronizating roles between a database table
> and midPoint
> Message-ID:
> <7b623c6f-989c-1cd2-74ad-08e159063317 at um.es<mailto:7b623c6f-989c-1cd2-74ad-08e159063317 at um.es>>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> I have configured it as you wrote and I can see the entitlements from de
> resource in midPoint, but when I try to import them, I get the now
> familiar error:
>
> Message
> Could not import account shadow:b18c3e63-f2c5-461c-b6c0-27b91e0aa2bb(01)
>
> Error
> No object class found for the shadow
>
> My configuration is:
>
> /* <schemaHandling>*
> <objectType id="16">
> * <kind>entitlement</kind>**
> ** <intent>default</intent>**
> ** <default>true</default>**
> **<objectClass>ri:AccountObjectClass</objectClass>*
> <attribute id="17">
> <ref>icfs:uid</ref>
> <tolerant>true</tolerant>
> <inbound id="19">
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <target>
> <path>name</path>
> </target>
> </inbound>
> </attribute>
> <attribute id="18">
> <ref>ri:TREL_DESCRIPCION</ref>
> <tolerant>true</tolerant>
> <exclusiveStrong>false</exclusiveStrong>
> <inbound id="20">
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <target>
> <path>displayName</path>
> </target>
> </inbound>
> </attribute>
> </objectType>
> </schemaHandling>
> * <synchronization>*
> <objectSynchronization>
> <name>SynchroRoles</name>
> *<objectClass>AccountObjectClass</objectClass>**
> ** <kind>entitlement</kind>**
> ** <intent>default</intent>**
> **<focusType>c:RoleType</focusType>**
> ** <enabled>true</enabled>*
> * <correlation>*
> <q:equal xmlns="">
> <q:path>name</q:path>
> <expression xmlns="">
> <path>$focus/attributes/trel_codigo</path>
> </expression>
> </q:equal>
> <q:description>CheckUIDwithCODIGO</q:description>
> </correlation>
> <reconcile>false</reconcile>
> <reaction>
> <situation>deleted</situation>
> <synchronize>true</synchronize>
> <action>
>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
> </action>
> </reaction>
> <reaction>
> <situation>linked</situation>
> <synchronize>true</synchronize>
> <reconcile>false</reconcile>
> </reaction>
> <reaction>
> <situation>unlinked</situation>
> <synchronize>true</synchronize>
> <action>
>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
> </action>
> </reaction>
> <reaction>
> <situation>unmatched</situation>
> <synchronize>true</synchronize>
> <reconcile>false</reconcile>
> <action>
>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
> </action>
> </reaction>
> </objectSynchronization>
> </synchronization>/
>
> The Oracle table is:
>
> /CREATE TABLE TIPO_RELACIONES
> (
> TREL_CODIGO VARCHAR2(2 BYTE),
> TREL_DESCRIPCION VARCHAR2(60 BYTE),
> TREL_UNIVERSITARIO VARCHAR2(1 BYTE),
> TREL_PRIORIDAD NUMBER(2),
> TREL_DURACION DATE,
> TREL_MESES NUMBER(4),
> TREL_TIPO_DURACION VARCHAR2(1 BYTE),
> TREL_VIGENTE VARCHAR2(1 BYTE),
> TREL_RESPONSABLE VARCHAR2(8 BYTE),
> TREL_TIPO_EMAIL VARCHAR2(1 BYTE),
> TREL_EXTERNO VARCHAR2(1 BYTE)
> )/
>
> I only want it for importing and synchronizing data into midPoint (inbound).
>
> El 10/02/2022 a las 12:00,
> midpoint-request at lists.evolveum.com<mailto:midpoint-request at lists.evolveum.com>
> escribió:
>
> <schemaHandling> <objectType>
> <objectClass>ri:AccountObjectClass</objectClass>
> <default>true</default> <kind>*entitlement*</kind>
> <intent>default</intent> ...
> <synchronization> <objectSynchronization>
> <objectClass>AccountObjectClass</objectClass>
> <kind>*entitlement*</kind> <intent>default</intent>
> <focusType>RoleType</focusType> <enabled>true</enabled>
>
> ...
>
> --
> Mercedes Oncina Deltell
> Servicio de Infraestructuras TICS
> ATICA - Universidad de Murcia
> Telf: +34 868881983
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <https://lists.evolveum.com/pipermail/midpoint/attachments/20220210/51943c85/attachment-0001.htm>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 10 Feb 2022 16:46:51 +0100
> From: Marc Fueller <marc.fueller at daasi.de<mailto:marc.fueller at daasi.de>>
> To: Mercedes Oncina Deltell via midPoint
> <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
> Subject: Re: [midPoint] Synchronizating roles between a database table
> and midPoint
> Message-ID:
> <831e49ab-7b01-c992-9916-ec01841df301 at daasi.de<mailto:831e49ab-7b01-c992-9916-ec01841df301 at daasi.de>>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi,
>
> please check you correlation. In the path-Tag you need to refer to an
> attribute of the projection/account, not to an attribute of the focus
> object.
>
> You could try this:
>
> <correlation> <q:equal xmlns=""> <q:path>name</q:path> <expression>
> <path>$projection/attributes/ri:/TREL_CODIGO/</path> </expression>
> </q:equal> </correlation>
>
> You also need to make sure that you are also mapping TREL_CODIGO to the
> midPoint "name" property in the schema handling.
>
> HTH
>
> Marc
>
> Am 10.02.22 um 14:14 schrieb Mercedes Oncina Deltell via midPoint:
>
> I have configured it as you wrote and I can see the entitlements from
> de resource in midPoint, but when I try to import them, I get the now
> familiar error:
>
> Message
> Could not import account
> shadow:b18c3e63-f2c5-461c-b6c0-27b91e0aa2bb(01)
>
> Error
> No object class found for the shadow
>
> My configuration is:
>
> /* <schemaHandling>*
> <objectType id="16">
> * <kind>entitlement</kind>**
> ** <intent>default</intent>**
> ** <default>true</default>**
> **<objectClass>ri:AccountObjectClass</objectClass>*
> <attribute id="17">
> <ref>icfs:uid</ref>
> <tolerant>true</tolerant>
> <inbound id="19">
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <target>
> <path>name</path>
> </target>
> </inbound>
> </attribute>
> <attribute id="18">
> <ref>ri:TREL_DESCRIPCION</ref>
> <tolerant>true</tolerant>
> <exclusiveStrong>false</exclusiveStrong>
> <inbound id="20">
> <authoritative>true</authoritative>
> <exclusive>false</exclusive>
> <strength>normal</strength>
> <target>
> <path>displayName</path>
> </target>
> </inbound>
> </attribute>
> </objectType>
> </schemaHandling>
> * <synchronization>*
> <objectSynchronization>
> <name>SynchroRoles</name>
> *<objectClass>AccountObjectClass</objectClass>**
> ** <kind>entitlement</kind>**
> ** <intent>default</intent>**
> **<focusType>c:RoleType</focusType>**
> ** <enabled>true</enabled>*
> * <correlation>*
> <q:equal xmlns="">
> <q:path>name</q:path>
> <expression xmlns="">
> <path>$focus/attributes/trel_codigo</path>
> </expression>
> </q:equal>
> <q:description>CheckUIDwithCODIGO</q:description>
> </correlation>
> <reconcile>false</reconcile>
> <reaction>
> <situation>deleted</situation>
> <synchronize>true</synchronize>
> <action>
>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri>
> </action>
> </reaction>
> <reaction>
> <situation>linked</situation>
> <synchronize>true</synchronize>
> <reconcile>false</reconcile>
> </reaction>
> <reaction>
> <situation>unlinked</situation>
> <synchronize>true</synchronize>
> <action>
>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri>
> </action>
> </reaction>
> <reaction>
> <situation>unmatched</situation>
> <synchronize>true</synchronize>
> <reconcile>false</reconcile>
> <action>
>
> <handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri>
> </action>
> </reaction>
> </objectSynchronization>
> </synchronization>/
>
> The Oracle table is:
>
> /CREATE TABLE TIPO_RELACIONES
> (
> TREL_CODIGO VARCHAR2(2 BYTE),
> TREL_DESCRIPCION VARCHAR2(60 BYTE),
> TREL_UNIVERSITARIO VARCHAR2(1 BYTE),
> TREL_PRIORIDAD NUMBER(2),
> TREL_DURACION DATE,
> TREL_MESES NUMBER(4),
> TREL_TIPO_DURACION VARCHAR2(1 BYTE),
> TREL_VIGENTE VARCHAR2(1 BYTE),
> TREL_RESPONSABLE VARCHAR2(8 BYTE),
> TREL_TIPO_EMAIL VARCHAR2(1 BYTE),
> TREL_EXTERNO VARCHAR2(1 BYTE)
> )/
>
> I only want it for importing and synchronizing data into midPoint
> (inbound).
>
> El 10/02/2022 a las 12:00,
> midpoint-request at lists.evolveum.com<mailto:midpoint-request at lists.evolveum.com>
> escribió:
>
> <schemaHandling> <objectType>
> <objectClass>ri:AccountObjectClass</objectClass>
> <default>true</default> <kind>*entitlement*</kind>
> <intent>default</intent> ...
> <synchronization> <objectSynchronization>
> <objectClass>AccountObjectClass</objectClass>
> <kind>*entitlement*</kind> <intent>default</intent>
> <focusType>RoleType</focusType> <enabled>true</enabled>
>
> ...
>
> --
> Mercedes Oncina Deltell
> Servicio de Infraestructuras TICS
> ATICA - Universidad de Murcia
> Telf: +34 868881983
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
> https://lists.evolveum.com/mailman/listinfo/midpoint
> --
> Marc Füller
> Consultant
>
> DAASI International GmbH
> Europaplatz 3
> D-72072 Tübingen
> Germany
>
> phone: +49 7071 407109-0
> fax: +49 7071 407109-9
> email:marc.fueller at daasi.de
> web:www.daasi.de[1]<http://www.daasi.de>
> Sitz der Gesellschaft: Tübingen
> Registergericht: Amtsgericht Stuttgart, HRB 382175
> Geschäftsleitung: Peter Gietz
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <https://lists.evolveum.com/pipermail/midpoint/attachments/20220210/6cf285e3/attachment.htm>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com<mailto:midPoint at lists.evolveum.com>
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
> ------------------------------
>
> End of midPoint Digest, Vol 118, Issue
> 19*****************************************
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> <https://lists.evolveum.com/pipermail/midpoint/attachments/20220211/0fc8d43e/attachment.htm>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
> ------------------------------
>
> End of midPoint Digest, Vol 118, Issue
> 24*****************************************
Vínculos:
---------
[1] http://www.daasi.de
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220211/7346a65c/attachment-0001.htm>
More information about the midPoint
mailing list